Access Control File Format
The access control file contains a series of entries that define the privileges. Each entry starts with a tag as follows:
-
d: - default
-
u: - user
-
g: - group
The tag is followed by a colon (:). In case of the default tag it is followed by true or false.
End-user and group tags are followed by the end-user or group name.
Multiple end users and groups are specified by having multiple end users (u) and groups (g) in lines.
The d: tag must be the last entry in an access control file. The server ignores all entries after a d: tag. If the d: tag is true, all other entries in the file are redundant and are ignored. You cannot set the d: tag as true in an access control file and selectively disallow end users that privilege. If default is set to false, only the end users and groups specified in the file will have that particular privilege.
The following are the default d: tag entries in the ACL files for a new installation:
-
sysAdmin.acl - Contains d:false
-
sysTopicsAdd.acl - Contains d:true
-
sysRoomsAdd.acl - Contains d:true
-
sysSaveUserSettings.acl - Contains d:true
-
sysSendAlerts.acl - Contains d:true
-
sysWatch.acl - Contains d:true
Caution – The format and also the existence of all the access control files might change in future releases of the product.
Note –
Disabling sysSendAlerts also disables polls.
Example 17–1 sysTopicsAdd.acl File
In the following example, the d: tag entry for sysTopicsAdd.acl file is false. Therefore, the Add and the Delete news channels privileges are available to the end users and groups that appear before the d: entry, namely user1, user2, and the sales group.
# Example sysTopicsAdd.acl file u:user1 u:user2 g:cn=sales,ou=groups,o=siroe d:False |
- © 2010, Oracle Corporation and/or its affiliates